FitMetrix, particularly known for its fitness progress tracking software, left millions of customers’ records up for grabs due to a completely open cloud server. Large amounts of the data were accessed by lurking criminals before the server could be shut down. The open database was originally discovered on Elasticsearch, which is known to see heavy traffic from attackers. The database held 119 GB of data separated into two indexes, with no password or login necessary to view it. The exposed information included audit data as well as personal information such as name, gender, email, birthdate, emergency contact information and the contact’s relationship to the customer, nickname, shoe size, height and weight, Facebook ID, mobile phone number, home phone number, and activity levels. “It appears that the attackers are using a script that automates the process of accessing a database, possibly exporting it, deleting the database and then creating the ransom note. This script sometimes fails, and the data is still available to the user even though a ransom note is created,” said a researcher. Leaving cloud databases wide open has caused many breaches recently, and they will only continue if security doesn’t improve.